settld 0.1.2 → 0.1.5

package/docs/gitbook/quickstart.md

@@ -0,0 +1,104 @@
+# Quickstart
+
+Get from zero to a verified Kernel v0 flow in minutes.
+
+## Prerequisites
+
+- Node.js 20+
+- Docker Desktop / Docker Engine running
+- `jq` installed (recommended for local checks)
+
+## 1) Start local stack
+
+Installed CLI:
+
+```bash
+npx settld dev up
+```
+
+Repo checkout:
+
+```bash
+./bin/settld.js dev up
+```
+
+Expected:
+
+- API healthy on local URL
+- local ops token available (`tok_ops` in default dev path)
+
+## 2) Create a capability template
+
+Installed CLI:
+
+```bash
+npx settld init capability my-capability
+```
+
+Repo checkout:
+
+```bash
+./bin/settld.js init capability my-capability
+```
+
+Then run the generated capability server (follow generated README in the capability folder).
+
+## 3) Run kernel conformance
+
+Installed CLI:
+
+```bash
+npx settld conformance kernel --ops-token tok_ops --json-out /tmp/kernel-report.json
+```
+
+Repo checkout:
+
+```bash
+./bin/settld.js conformance kernel --ops-token tok_ops --json-out /tmp/kernel-report.json
+```
+
+Expected:
+
+- conformance PASS
+- report at `/tmp/kernel-report.json`
+
+## 4) Export and verify a closepack
+
+Use an agreement hash from conformance/test output:
+
+```bash
+npx settld closepack export --agreement-hash <agreementHash> --out closepack.zip
+npx settld closepack verify closepack.zip --json-out /tmp/closepack-verify.json
+```
+
+Expected:
+
+- closepack verify passes
+- JSON verification report produced
+
+## 5) Replay-evaluate
+
+```bash
+curl -s "http://127.0.0.1:3000/ops/tool-calls/replay-evaluate?agreementHash=<agreementHash>" \
+  -H "x-proxy-ops-token: tok_ops" | jq .
+```
+
+Expected: replay comparison fields indicate consistency/match.
+
+## Troubleshooting
+
+### Docker not found
+
+Install/start Docker. Then rerun `dev up`.
+
+### Node engine warning
+
+Use Node 20+.
+
+### Ops token permission error
+
+Use token with at least `ops_read` scope.
+
+### Port conflicts
+
+Stop process on API port (`3000`) or configure alternate local runtime settings.

package/docs/gitbook/replay-and-audit.md

@@ -0,0 +1,30 @@
+# Replay and Audit
+
+Replay proves your stored settlement result still matches recomputed evaluation under the same pinned context.
+
+## Replay goals
+
+- verify decision consistency
+- detect policy/verifier drift impact
+- produce audit-ready evidence for incident/compliance reviews
+
+## Tool-call replay
+
+Use replay endpoint with agreement hash and compare:
+
+- decision outcome
+- reason codes/evaluation summary
+- pinned policy/verifier references
+- expected deterministic adjustment behavior
+
+## Audit workflow
+
+1. Fetch artifacts for subject agreement.
+2. Run replay-evaluate.
+3. Export closepack.
+4. Run offline verify.
+5. Store replay + verify reports with incident/release packet.
+
+## Release gate recommendation
+
+Make replay mismatch rate and closepack verify failures release-blocking thresholds.

package/docs/gitbook/sdk-reference.md

@@ -0,0 +1,35 @@
+# SDK Reference
+
+Settld provides JavaScript and Python SDKs to reduce raw-HTTP integration overhead.
+
+## JavaScript SDK
+
+Path: `packages/api-sdk`
+
+Typical workflow methods:
+
+- create/submit lifecycle requests
+- fetch artifacts and replay checks
+- dispute operations and status reads
+- reputation fact queries
+
+## Python SDK
+
+Path: `packages/api-sdk-python`
+
+Typical workflow methods mirror JS flow:
+
+- settlement lifecycle calls
+- dispute flow operations
+- replay checks
+- reputation reads
+
+## Integration pattern
+
+1. Keep artifact IDs in your own datastore.
+2. Treat settlement artifacts as first-class business records.
+3. Use replay + closepack verification for sensitive incident paths.
+
+## Versioning
+
+Keep SDK versions aligned with protocol/object compatibility requirements for your deployment window.

package/docs/gitbook/security-model.md

@@ -0,0 +1,58 @@
+# Security Model
+
+Settld minimizes trust assumptions in settlement outcomes by making critical claims signed, bound, and independently verifiable.
+
+## Threats this design addresses
+
+- artifact tampering after execution
+- ambiguous money movement without decision lineage
+- unauthorized economic actions outside authority scope
+- silent drift between stored decisions and replayed outcomes
+
+## Core controls
+
+## Signed artifacts + canonical hashing
+
+Critical objects are signed and hash-bound.
+
+## Authority-scoped execution
+
+Authority grants constrain spend, scope, and time.
+
+## Agreement/evidence binding
+
+Evidence must align with agreement commitments (`callId`, `inputHash`, terms).
+
+## Deterministic idempotent effects
+
+Deterministic IDs and uniqueness constraints prevent duplicate financial side effects.
+
+## Dispute legitimacy
+
+Non-admin dispute open requires signer-bound envelope proof.
+
+## Replay and closepack verification
+
+Stored outcomes can be recomputed and verified offline.
+
+## Boundaries (what Settld does not solve alone)
+
+- correctness beyond configured policy/verifier semantics
+- private key compromise
+- unsafe tenant policy configuration
+- jurisdiction-specific legal/compliance obligations by default
+
+## Operational minimums
+
+- signer key rotation + inventory controls
+- monitor replay mismatches and dispute lag
+- keep strict separation between demo/test/prod tokens
+- include closepack verify in release and incident workflows
+
+## References
+
+- `SECURITY.md`
+- `docs/spec/THREAT_MODEL.md`
+- `docs/THREAT_MODEL.md`
+- `docs/ALERTS.md`
+- `docs/ONCALL_PLAYBOOK.md`

package/docs/integrations/README.md

@@ -0,0 +1,14 @@
+# Integrations
+
+Copy/paste adoption templates and guardrails:
+
+- `github-actions.md` — composite action usage and trust anchor wiring.
+- `github-actions-verify.yml` — pasteable workflow template.
+- `openclaw/settld-mcp-skill/SKILL.md` — OpenClaw skill payload for Settld MCP.
+- `openclaw/CLAWHUB_PUBLISH_CHECKLIST.md` — publish + validation checklist for ClawHub.
+
+See also:
+
+- `docs/QUICKSTART_VERIFY.md`
+- `docs/ADOPTION_CHECKLIST.md`
+- `docs/QUICKSTART_MCP_HOSTS.md`

package/docs/integrations/github-actions-verify.yml

@@ -0,0 +1,31 @@
+name: verify bundles (settld)
+
+on:
+  workflow_dispatch:
+
+jobs:
+  verify:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      # Replace this with the path to the bundle produced by your pipeline.
+      # For demo/conformance, we point at committed fixtures.
+      - name: Verify bundle (strict)
+        id: verify
+        # For external adoption:
+        # uses: settld/settld/.github/actions/settld-verify@vX.Y.Z
+        uses: ./.github/actions/settld-verify
+        with:
+          bundle_path: test/fixtures/bundles/v1/jobproof/strict-pass
+          strict: "true"
+          fail_on_warnings: "false"
+          hash_concurrency: "8"
+          trust_file: test/fixtures/bundles/v1/trust.json
+          output_json_path: settld-verify-output.json
+
+      - name: Upload verification output JSON
+        uses: actions/upload-artifact@v4
+        with:
+          name: settld-verify-output
+          path: settld-verify-output.json

package/docs/integrations/github-actions.md

@@ -0,0 +1,34 @@
+# GitHub Actions integration: `settld-verify`
+
+This repo ships a **first-party composite action** that runs `settld-verify` with stable machine output (`VerifyCliOutput.v1`) and supports strict/non-strict + warning gating.
+
+## Minimal workflow (strict, archive JSON)
+
+See `docs/integrations/github-actions-verify.yml` for a pasteable workflow.
+
+For usage from another repo, reference the action by tag:
+
+```yaml
+uses: settld/settld/.github/actions/settld-verify@vX.Y.Z
+```
+
+## Trust anchors
+
+Pass a `trust.json` file (same shape as `test/fixtures/bundles/v1/trust.json`):
+
+- `governanceRoots`: map of `keyId -> publicKeyPem`
+- `timeAuthorities`: optional map of `keyId -> publicKeyPem`
+
+The action exports these to the verifier via:
+
+- `SETTLD_TRUSTED_GOVERNANCE_ROOT_KEYS_JSON`
+- `SETTLD_TRUSTED_TIME_AUTHORITY_KEYS_JSON` (when present)
+
+## What to archive for audit
+
+Recommended posture:
+
+- Archive the **bundle** itself (immutable artifact store).
+- Archive the CI `VerifyCliOutput.v1` JSON (what you verified, when, with what tool identity).
+
+If you store the bundle, you already retain `verify/verification_report.json` inside it (the signed receipt).

package/docs/integrations/openclaw/CLAWHUB_PUBLISH_CHECKLIST.md

@@ -0,0 +1,65 @@
+# ClawHub Publish Checklist (Settld MCP Skill)
+
+Use this to publish and validate the Settld OpenClaw skill safely.
+
+## 1) Pre-Publish Validation
+
+Run local MCP sanity checks first:
+
+```bash
+npm run mcp:probe
+node --test test/mcp-stdio-spike.test.js test/mcp-http-gateway.test.js test/mcp-paid-exa-tool.test.js test/mcp-paid-weather-tool.test.js
+```
+
+Confirm required files exist:
+
+- `docs/integrations/openclaw/settld-mcp-skill/SKILL.md`
+- `docs/integrations/openclaw/settld-mcp-skill/mcp-server.example.json`
+
+## 2) Prepare Skill Metadata
+
+In `SKILL.md`, verify:
+
+- `name` is unique in ClawHub
+- `description` is short and explicit
+- `version` bumped for every publish
+
+## 3) Publish To ClawHub
+
+Publish the folder `docs/integrations/openclaw/settld-mcp-skill/` as your skill package.
+
+If ClawHub UI requests install instructions, use:
+
+- command: `npx`
+- args: `-y settld-mcp`
+- env: `SETTLD_BASE_URL`, `SETTLD_TENANT_ID`, `SETTLD_API_KEY`, optional `SETTLD_PAID_TOOLS_BASE_URL`
+
+## 4) Post-Publish Smoke Test
+
+Install the skill in a clean OpenClaw environment and verify:
+
+1. Tools are discoverable (`settld.*` visible).
+2. `settld.about` succeeds.
+3. One paid call succeeds:
+   - `settld.exa_search_paid`, or
+   - `settld.weather_current_paid`
+4. Result includes `x-settld-*` verification headers.
+
+## 5) Rollback Plan
+
+If smoke fails in production:
+
+1. Unlist or disable latest skill version in ClawHub.
+2. Revert to previous working skill version.
+3. Fix and republish with incremented `version`.
+
+## 6) Release Notes Template
+
+Capture these fields each publish:
+
+- Skill version
+- Settld package version used
+- Added/changed tools
+- Known limitations
+- Validation run timestamp
+

package/docs/integrations/openclaw/settld-mcp-skill/SKILL.md

@@ -0,0 +1,69 @@
+---
+name: settld-mcp-payments
+description: Connect OpenClaw agents to Settld MCP for paid tool calls with quote-bound authorization and verifiable receipts.
+version: 0.1.0
+author: Settld
+---
+
+# Settld MCP Payments Skill
+
+This skill teaches OpenClaw agents to use Settld for paid MCP tool calls.
+
+## What This Skill Enables
+
+- Discover Settld MCP tools (`settld.*`)
+- Run paid tool calls with x402 challenge/authorize/retry flow
+- Return verifiable payment/settlement headers from tool responses
+- Produce audit-grade artifacts and receipts in Settld
+
+## Prerequisites
+
+- Node.js 20+
+- Settld API key (`SETTLD_API_KEY`)
+- Settld API base URL (`SETTLD_BASE_URL`)
+- Tenant id (`SETTLD_TENANT_ID`)
+- Optional paid tools base URL (`SETTLD_PAID_TOOLS_BASE_URL`)
+
+## MCP Server Registration
+
+Use the server definition in `mcp-server.example.json`.
+
+Server command:
+
+- command: `npx`
+- args: `["-y","settld-mcp"]`
+
+Required env vars:
+
+- `SETTLD_BASE_URL`
+- `SETTLD_TENANT_ID`
+- `SETTLD_API_KEY`
+
+Optional env vars:
+
+- `SETTLD_PAID_TOOLS_BASE_URL`
+- `SETTLD_PROTOCOL`
+
+## Agent Usage Pattern
+
+1. Call `settld.about` to verify connectivity.
+2. For paid search/data calls, use:
+   - `settld.exa_search_paid`
+   - `settld.weather_current_paid`
+3. For agreement lifecycle demo calls, use:
+   - `settld.create_agreement`
+   - `settld.submit_evidence`
+   - `settld.settle_run`
+   - `settld.resolve_settlement`
+
+## Smoke Prompts
+
+- "Call `settld.about` and return the result JSON."
+- "Run `settld.weather_current_paid` for Chicago in fahrenheit and include the `x-settld-*` headers."
+
+## Safety Notes
+
+- Treat `SETTLD_API_KEY` as secret input.
+- Do not print full API keys in chat output.
+- Keep paid tools scoped to trusted providers and tenant policy.
+

package/docs/integrations/openclaw/settld-mcp-skill/mcp-server.example.json

@@ -0,0 +1,12 @@
+{
+  "name": "settld",
+  "command": "npx",
+  "args": ["-y", "settld-mcp"],
+  "env": {
+    "SETTLD_BASE_URL": "http://127.0.0.1:3000",
+    "SETTLD_TENANT_ID": "tenant_default",
+    "SETTLD_API_KEY": "sk_live_xxx.yyy",
+    "SETTLD_PAID_TOOLS_BASE_URL": "http://127.0.0.1:8402"
+  }
+}
+

package/docs/kernel-compatible/capabilities.json

@@ -0,0 +1,36 @@
+{
+  "schemaVersion": "KernelCompatibleDirectory.v0",
+  "updatedAt": "2026-02-11T00:00:00.000Z",
+  "entries": [
+    {
+      "id": "reference-deterministic-latency-threshold",
+      "name": "Reference Capability: Deterministic Latency Threshold",
+      "owner": "settld",
+      "type": "reference",
+      "repoPath": "examples/reference-capabilities/deterministic-latency-threshold",
+      "deterministicVerifierRef": "verifier://settld/deterministic/latency-threshold-v1",
+      "conformanceCaseIds": [
+        "tool_call_holdback_release",
+        "tool_call_holdback_refund"
+      ],
+      "closepackVerified": true,
+      "lastVerifiedAt": "2026-02-11T00:00:00.000Z",
+      "status": "listed"
+    },
+    {
+      "id": "reference-deterministic-schema-check",
+      "name": "Reference Capability: Deterministic Schema Check",
+      "owner": "settld",
+      "type": "reference",
+      "repoPath": "examples/reference-capabilities/deterministic-schema-check",
+      "deterministicVerifierRef": "verifier://settld/deterministic/schema-check-v1",
+      "conformanceCaseIds": [
+        "tool_call_holdback_release",
+        "marketplace_run_replay_evaluate"
+      ],
+      "closepackVerified": true,
+      "lastVerifiedAt": "2026-02-11T00:00:00.000Z",
+      "status": "listed"
+    }
+  ]
+}

package/docs/marketing/agent-commerce-substrate.md

@@ -0,0 +1,78 @@
+# Settld: Commerce And Trust Substrate For Agent Tool Execution
+
+Settld is the trust and settlement layer for paid agent tool calls.
+
+In an agent economy, the unit of work is not a human checkout flow. It is an agent invoking tools. The moment those calls become paid, teams need authorization, budget controls, replay safety, verifiable execution proof, and settlement that does not collapse on micro-transaction costs.
+
+Settld exists to standardize that layer so paid tool calls are safe, composable, and auditable by default.
+
+## What Settld Is
+
+Settld is a protocol-native commerce rail for agent tools:
+
+- Payment challenge to authorization to retry (`402 -> authorize -> paid retry`).
+- Offline-verifiable SettldPay authorization tokens (`/.well-known/settld-keys.json`).
+- Provider-side cryptographic accountability (signed response proofs).
+- Receipt bindings that tie `authorizationRef`, request hash, response hash, and provider signature verification status together.
+- Provider self-publish flow (manifest -> conformance -> certified listing).
+- Batch-oriented settlement path for scalable payout economics.
+
+## What Settld Is Not
+
+- Not an agent framework.
+- Not a wallet company.
+- Not a bespoke integrations shop.
+
+Settld integrates with frameworks and wallets while owning the trust, policy, receipts, and settlement contract.
+
+## Product Promise
+
+Settld should make a paid tool call as reliable and auditable as a mature payment API:
+
+1. An agent can pay for a tool call without custom billing glue.
+2. A provider can accept payment with offline verification, not blind trust.
+3. Every call produces machine-verifiable receipts, not only logs.
+4. Finance and compliance teams can audit outcomes without trusting a mutable database.
+5. Settlement can be batched and replay-safe, so economics work at agent scale.
+
+## The Ecosystem Flywheel
+
+1. Providers scaffold paid tools from OpenAPI or HTTP.
+2. Providers publish a manifest and endpoint.
+3. Settld runs conformance and issues certification status.
+4. Certified tools become discoverable to agent builders.
+5. Agents execute with autopay and receive deterministic receipts.
+6. More trust drives more providers and more demand.
+
+The key is that new tools should be published by providers, not hand-integrated by Settld engineers.
+
+## Core CTAs
+
+Use one primary call to action per audience:
+
+- Agent builders: run paid tool demo and inspect receipts.
+- Tool providers: scaffold, publish, and certify in under 10 minutes.
+- Operators and finance: review receipt and settlement artifacts.
+
+## Metrics That Matter
+
+Track only the metrics that prove substrate adoption and reliability:
+
+- Weekly paid tool calls.
+- Reserve failure rate (7-day rolling).
+- Settlement success rate (batch execution).
+
+Optional expansion metrics:
+
+- Certified providers.
+- Time from publish to first paid call.
+- Replay rejection rate.
+
+## Near-Term Execution Sequence
+
+1. Harden real-money reserve path (Circle sandbox to constrained production pilot).
+2. Ship idempotent batch settlement worker and payout registry as default operations.
+3. Expand reference demos beyond search (weather + LLM/embeddings).
+4. Tighten publish UX so first certified paid tool is consistently under 10 minutes.
+
+This is how Settld becomes default infrastructure for paid agent tool execution instead of an integrations treadmill.

package/docs/marketing/hn-repost-2026-02-17.md

@@ -0,0 +1,102 @@
+# HN Repost Draft (Tue 2026-02-17)
+
+Note on compositional settlement: keep the claim narrow. Settld can bind a settlement to an agreement delegation graph and run deterministic pre-release checks (e.g. block cycles) with stable error codes (e.g. `AGREEMENT_DELEGATION_CYCLE`). Avoid implying multi-hop settlement is \"automatic\" beyond what the current API actually enforces.
+
+## Locked Timing (ET / PT)
+
+- Copy freeze: Mon 2026-02-16 21:00 ET / 18:00 PT
+- Repost submission (target): Tue 2026-02-17 08:15 ET / 05:15 PT
+- Live monitoring: Tue 08:15–11:30 ET (respond fast while ranking is most sensitive)
+- Second sweep: Tue 18:30 ET / 15:30 PT
+
+## Submission Details
+
+- Type: Show HN (repost)
+- Link target (pick one):
+  - GitHub repo (recommended for OSS + technical audience): `README.md`
+  - Blog wedge post (more narrative): `docs/blog/2026-02-14-your-ai-agent-just-spent-500-where-is-the-receipt.md`
+  - Magic Link hosted demo (if we want buyer POV): TODO (add URL)
+- Original HN thread (if applicable): TODO (add URL)
+
+## Title Options (Pick 1)
+
+1. Show HN (Repost): Settld – verifiable receipts for agent spend (OSS)
+2. Show HN (Repost): Settld – verify-before-release receipts for x402-style APIs
+3. Show HN (Repost): Settld – deterministic settlement receipts for AI agents
+
+## OP Comment (Recommended, Short)
+
+Hi HN,
+
+Reposting with a tighter “try it in 10 minutes” wedge and more spec/conformance polish.
+
+Settld is an open source artifact protocol + verifier for turning agent work (and its evidence) into something closer to an invoice receipt: hash-bound, signed, and offline-verifiable by someone who doesn’t trust the producer.
+
+The quickest way to feel it is the in-repo x402 gateway demo: if an upstream returns `HTTP 402 Payment Required`, the proxy turns it into `hold -> verify -> release/refund` and emits a deterministic “receipt-like” trail (`x-settld-*` headers + an API query surface).
+
+TL;DR quickstart: `npm ci && npm run quickstart:x402` (prints `OK` + `gateId=...`). Full steps: `docs/QUICKSTART_X402_GATEWAY.md`
+
+Two important constraints up front:
+
+- This is not a payment processor. The local demo uses `X402_AUTOFUND=1` to simulate funding so escrow holds can be created without wiring a real rail.
+- The core contract is the verifiable receipt + deterministic outputs (stable warning/error codes), not “trust us, the dashboard says it passed.”
+
+Feedback I’d love:
+
+- If you’re shipping agents that spend money, what evidence would you require to automate payout/release?
+- Where would this break in your stack: tool calls, metering, dispute windows, refunds/chargebacks, or trust bootstrapping?
+
+## OP Comment (Longer, If Needed)
+
+Hi HN,
+
+Reposting: Settld is my attempt at a missing layer for agent workflows that spend money.
+
+Most stacks can prove “payment happened,” but can’t produce a portable receipt for “the work happened under the agreed terms” without shipping their entire log database to the counterparty.
+
+Settld (as shipped in this repo) is two things sharing the same “truth engine”:
+
+- An open artifact protocol (bundles + manifests + attestations + receipts) that can be verified offline with explicit trust anchors.
+- A hosted controller (“Magic Link”) that runs the same verifier server-side for buyer-friendly approvals and exports (optional; the hosted UI shouldn’t be the only judge).
+
+The smallest demo wedge is the x402 gateway: put a thin proxy in front of an x402-style API. When the upstream returns `HTTP 402`, the proxy routes it through a deterministic settlement step (`hold -> verify -> release/refund`) and returns a receipt-like trail you can store for audit. Quickstart: `docs/QUICKSTART_X402_GATEWAY.md`
+
+Notes / boundaries:
+
+- Local mode simulates funding (`X402_AUTOFUND=1`) to make the flow runnable without a real payment rail.
+- The interesting part (to me) is that verification outputs are deterministic and machine-readable with stable codes, and can be reproduced offline from the bundle.
+
+Would love critique on whether this is the right abstraction boundary (protocol + verifier + optional controller), and what primitives are missing to make this usable in real agent payment flows.
+
+## Defensible Claims (OK To Say)
+
+- Offline-verifiable bundles/receipts: artifacts commit to evidence by hashes; attestations/receipts are signature-checked; verification is reproducible without trusting the producer (`docs/OVERVIEW.md`, `docs/spec/`).
+- Deterministic verification outputs with stable codes (warnings/errors), suitable for CI gating and audit retention (`docs/OVERVIEW.md`, `docs/QUICKSTART_VERIFY.md`, `docs/spec/WARNINGS.md`, `docs/spec/ERRORS.md`).
+- x402 “verify-before-release” wedge exists in repo and is runnable locally in ~10 minutes (`docs/QUICKSTART_X402_GATEWAY.md`).
+- Escrow/ledger semantics are double-entry and tested as deterministic invariants (position as “ledger model + invariants,” not “we move real money”) (`docs/LEDGER.md`, `docs/spec/ESCROW_NETTING_INVARIANTS.md`).
+- Hosted Verify Cloud is optional; protocol/verifier are the trust core (don’t claim “must use the cloud”) (`docs/OVERVIEW.md`).
+
+## Claims To Avoid or Qualify
+
+- “We solve payments” or “we are escrow.” Safer: “we model escrow holds and deterministic release/refund decisions; wiring real rails is a separate integration.”
+- “CFO/audit-ready” as a blanket statement. Safer: “designed for audit evidence retention; produces deterministic, verifiable receipts.”
+- Any “multi-hop/cascade settlement is fully implemented” wording unless we choose a tight, defensible phrasing (see TODO and options below).
+
+## Likely HN Questions (Short Answers)
+
+- “Why not just use Stripe Connect?”
+  - Stripe moves money. Settld is about proving/verifying off-chain work and producing a portable, deterministic receipt that can drive a release/refund decision.
+- “Why not do this as a smart contract?”
+  - Smart contracts enforce on-chain state; the hard part here is verifying off-chain evidence/work completion and making that verification reproducible offline.
+- “Is this centralized trust?”
+  - The hosted UI is intentionally not the only judge; verification should be reproducible offline with explicit trust anchors.
+- “Does the demo move real money?”
+  - No; it simulates funding to make the end-to-end loop runnable locally (`X402_AUTOFUND=1`).
+
+## Cascade Settlement (Decision Needed Before Mon 2026-02-16)
+
+If we include anything about cascade/multi-hop settlement, pick ONE of these and stick to it:
+
+- Option A (spec-level, safest): “We added an `AgreementDelegation.v1` primitive for linking parent/child agreements in multi-hop agent chains (provenance, depth limits, and budget-capping).”
+- Option B (lightly aspirational): “We’re building toward multi-hop agent chains with compositional budget-capping and deterministic settlement; the delegation primitive is in the repo.”
+- Option C (omit): Don’t mention cascade settlement at all; keep the post focused on the verifiable receipt + verify-before-release wedge.